Security News > 2022 > November > Russian hacktivists hit Ukrainian orgs with ransomware – but no ransom demands

The Ukrainian CERT has uncovered an attack campaign aimed at compromising Ukrainian organizations and irretrievably encrypting their files.

To do that, they are leveraging a specific version of the Somnia ransomware that, "According to the attackers' theoretical plan, does not provide for the possibility of data decryption."

The Ukrainian cyber experts believe that the attack was effected by Russian hacktivists that go by FRwL, with help from an initial access broker.

The team does not specify at which point the hacktivists took the attack over from the IAB, but say that, "Having gained remote access to the organization's computer network using a VPN, the attackers conducted reconnaissance, launched the Cobalt Strike Beacon program, and also exfiltrated data, as evidenced by the use of the R?lone program."

"FRwL, whose activity is monitored by CERT-UA under the identifier UAC-0118, took responsibility for the unauthorized intervention in the operation of automated systems and electronic computing machines of the target of the attack," the Ukrainians say.

FRwL have been launching similar attacks against Ukrainian targets since the spring of 2022, but this time the ransomware used is different, as it uses a different algorithm to encrypt files with a variety of extensions.

News URL

https://www.helpnetsecurity.com/2022/11/14/somnia-ransomware-ukrainian/